This invention relates to a security system for the protection of computer programs and more particularly to such a system which uses a plug-in action coded hardware device which is furnished with the program to be protected and is interrogated by the program.
Many micro-computer products are based on one of a relatively small group of microprocessors making it technically as well as economically feasible to copy computer programs, and to move them from one hardware environment to another. Much of the computer software or programs are written and distributed in a form easily duplicated, for example, floppy disks or diskettes. By agreement, when the programs are sold, copies may be made for back-up purposes but not for redistribution. However, when such products become popular, unauthorized use and copying become a problem.
Many attempts have been made to thwart unauthorized use of any copies of the software programs. One such approach is to design the recording medium such that it will erase or become useless when an attempt is made to copy it, or the recording medium is designed to have physical or timing anomalies in specific locations such that an attempt to copy it will normally not produce usable results. In either of the aforesaid cases, legitimate back-up copies cannot be produced which could result in a permanent loss of important data in the event of a system failure, or at least would be a considerable inconvenience for the user.
Another approach is to supply the computer with the means to add a programmable read-only memory (PROM) into which a serial number is embedded. The software is then written to interrogate the PROM and if the serial number matches that which is written into the software, then the program is allowed to run. The disadvantage to this approach is that each piece of software must be individually serialized to each PROM and accordingly to each computer which makes the process awkward and cumbersome. Furthermore, the computer industry would have to universally agree on this approach to adapt PROMs for this purpose in order for it to succeed. Furthermore, the PROMs or modules are devices which can easily be removed and decoded and duplicated without difficulty.
Another method to protect software that is commonly used is within the software itself in which the author prepares the program to contain a control file. The control file is generally customized for a particular end user and usually contains perameters which refer to the specifics such as computer type, company name, etc. Since the source code for this file is generally not given, it would take an expert programmer to determine how to alter the file for use with other computers and for other companies. Although such an idea serves to limit unauthorized distribution, by way of difficulty in finding a programmer capable of the task, the system is not fool proof, and it is likely that there will be several computers of the same type at several other locations with the company name remaining the same. In such a case, there would be absolutely no protection against illegitimate copies. Secondly, once a particular control file has been formulated, the software will be able to be executed on any machine with a compatable operating system. Accordingly, the ohly remaining deterrent would be some other aspect of the customized version, for example, the original company name to appear on an invoice on a stolen copy. In relative terms the degree of difficulty to alter these variables is minor, the result being that this method of protection cannot be totally relied upon.
Still another method to protect software to which the present invention is directed is some type of hardware device which is supplied with each package of software sold to the user which is intended to be plugged in to a communications port in the computer in which the package is to be employed. A communications port (such as an RS-232C or similar) of a computer is an external connection between the computer and various peripheral equipments such as printers, modems, interactive game controls, etc. The port is interrogated via the software supplied to determine the presence of the hardware which if present permits the software program to proceed. If not, several options are available to the author, the simplest of which might be a display on the terminal which states that the program cannot proceed without the device being connected. Such hardware attachment devices in the past have been passive networks and/or jumpered connections which a semi-skilled technician would have little difficulty in duplicating. More sophisticated devices have revolved around the implementation of a PROM in a manner cited above, but the execution of the decoding process with its attendent circuitry outside the computer body poses problems and complexity, and excess hardware such as providing timing, register storage, addressing means and external power requirements not normally in a communications port make such a system fairly costly and impractical.